Advisories

HAA 2023-010: HITRUST Risk Management Handbook

Written by HITRUST | Feb 28, 2024 8:22:43 PM

Overview
The Risk Management Handbook presents risk management concepts and methodologies foundational to the HITRUST Approach™. This handbook is intended to help support integration of HITRUST products, services, and tools into an organization’s existing risk management program.

Details
Since its release in 2009, HITRUST has developed and communicated specific elements of its Risk Management Framework (RMF) through various whitepapers, presentations, and other documents. The new Risk Management Handbook consolidates and aligns these elements by providing a centralized discussion of the underlying methodologies that make up the HITRUST RMF. The Risk Management Handbook helps illustrate how those concepts support the various products, services, and tools that collectively make up the HITRUST Approach.

The original risk analysis guidance present in the following documents will be removed from the HITRUST website on December 12, 2023.

  • Risk Analysis Guide
  • Understanding HITRUST’s Approach to Risk vs. Compliance-based Information Protection
  • Risk Management Frameworks

While the Risk Management Handbook illustrates the foundational risk management concepts underlying the HITRUST risk management framework (also known as the HITRUST Approach), the Assessment Handbook (announced in exposure draft alongside the Risk Management Handbook in HAA 2023-008) defines the requirements for Assessed Entities and External Assessors completing readiness or validated assessments and provides guidance and expectations of the assessment and certification processes. Please note that the final version of the HITRUST Assessment Handbook will be published in a future Advisory.

Additional resources
For any additional questions, please contact our Support team or a HITRUST Customer Success Manager.